OLMARIK TDL4 [Closed]

#1
martyray

    New Member

  • Member
  • 1 posts
Hi, my name is Marty and I am running Windows XP with ESET NOD32 version 4.x antivirus software.
Yesterday, while I was at lunch, an email must have come through, and when I returned I had numerous errors
telling me I had been infected. I ran the ESET stand-alone removal tool, restarted in Safe Mode and tried to go back to a different restore point. It still tells me I am infected and that it cannot be cleaned every time I log back on.
Can someone help me remove it?
Thanks in advance.

OTL logfile created on: 10/26/2012 9:22:16 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\mtaylor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.67% Memory free
3.85 Gb Paging File | 3.07 Gb Available in Paging File | 79.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 44.81 Gb Free Space | 60.19% Space Free | Partition Type: NTFS
Drive G: | 185.56 Gb Total Space | 101.80 Gb Free Space | 54.86% Space Free | Partition Type: NTFS
Drive H: | 185.56 Gb Total Space | 101.80 Gb Free Space | 54.86% Space Free | Partition Type: NTFS
Drive I: | 185.56 Gb Total Space | 101.80 Gb Free Space | 54.86% Space Free | Partition Type: NTFS
Drive K: | 185.56 Gb Total Space | 101.80 Gb Free Space | 54.86% Space Free | Partition Type: NTFS
Drive P: | 67.75 Gb Total Space | 47.02 Gb Free Space | 69.40% Space Free | Partition Type: NTFS
Drive U: | 185.56 Gb Total Space | 101.80 Gb Free Space | 54.86% Space Free | Partition Type: NTFS

Computer Name: OWNER-BE1505AC4 | User Name: mtaylor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/26 09:21:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mtaylor\Desktop\OTL.exe
PRC - [2012/08/23 15:18:02 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/07/30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/05/15 06:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/10 09:28:48 | 000,167,584 | ---- | M] (Bluebeam Software, Inc.) -- C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
PRC - [2011/10/24 09:40:10 | 000,814,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/10/24 09:40:04 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/10/07 05:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 15:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/08/05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2011/08/05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2009/01/26 15:31:08 | 001,740,632 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/15 06:18:00 | 001,570,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll
MOD - [2012/05/15 06:18:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/07 05:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | -H-- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | -H-- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2008/06/19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008/03/05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008/03/04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008/02/26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007/12/24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll


========== Services (SafeList) ==========

SRV - [2012/08/23 15:18:02 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/05/29 09:36:09 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/05/15 06:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/24 09:40:44 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/10/24 09:40:10 | 000,814,264 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/08/05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\efavdrv.sys -- (efavdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2011/10/24 09:40:20 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/10/24 09:40:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/10/24 09:39:24 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 02:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2007/06/06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 23 E1 12 93 3D CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mtaylor\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mtaylor\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/05/25 23:54:39 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BbInstallUser] C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Apple Computer] rundll32.exe "C:\Documents and Settings\mtaylor\Local Settings\Application Data\ESET\Apple Computer\loaufevme.dll",DllRegisterServerW File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1342005491921 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://72.36.41.99/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx (AcPreview Control)
O16 - DPF: {FAA26872-BB40-4AB2-8A6D-A49183581AAA} http://207.59.155.13...er/TSBnwCam.CAB (TSBnwCam Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = steeldetail.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9775DEE-14A3-4E36-A99A-E749555CC85A}: DhcpNameServer = 192.168.100.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9775DEE-14A3-4E36-A99A-E749555CC85A}: NameServer = 192.168.100.10,192.168.100.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mtaylor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mtaylor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/26 14:12:39 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2012/05/24 21:16:16 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/11/03 11:19:28 | 000,000,000 | ---D | M] - P:\AUTOCAD INTO XSTEEL -- [ NTFS ]
O32 - AutoRun File - [2012/05/31 17:45:21 | 000,000,000 | R--D | M] - P:\autosave -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/26 09:21:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mtaylor\Desktop\OTL.exe
[2012/10/26 09:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/26 09:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/10/26 09:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/10/25 14:25:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mtaylor\Recent
[2012/10/25 13:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support Logs
[2012/10/25 13:44:17 | 000,000,000 | ---D | C] -- C:\EOlmarikTdl4Cleaner.20121025.134417.2824
[2012/10/25 13:38:12 | 000,000,000 | ---D | C] -- C:\EOlmarikTdl4Cleaner.20121025.133812.1120
[2012/10/25 13:38:06 | 000,327,704 | ---- | C] (ESET) -- C:\EOlmarikTdl4Cleaner.exe
[2012/10/25 12:58:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/10/05 10:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mtaylor\Application Data\Bluebeam Software
[2012/10/05 10:53:15 | 000,100,440 | ---- | C] (Bluebeam Software, Inc.) -- C:\WINDOWS\System32\BBPdfPortMon.DLL
[2012/10/05 10:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bluebeam Software
[2012/10/05 10:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bluebeam Software
[2012/10/05 10:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bluebeam Software
[2012/10/05 10:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
[2012/10/05 10:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mtaylor\Local Settings\Application Data\Downloaded Installations
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\mtaylor\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\mtaylor\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/26 09:21:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mtaylor\Desktop\OTL.exe
[2012/10/26 09:09:23 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\mtaylor\Desktop\Spybot - Search & Destroy.lnk
[2012/10/26 09:08:00 | 000,000,830 | -H-- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/26 08:56:01 | 000,000,986 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-263560638-87465442-3990609200-1145UA.job
[2012/10/26 08:32:02 | 000,000,888 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/26 08:31:03 | 000,000,199 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012/10/26 08:27:19 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{78A76B2A-48BC-458B-9D82-D0868302FD34}.job
[2012/10/26 08:24:35 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/26 08:24:35 | 000,000,884 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/26 08:24:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/25 15:16:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/25 13:44:17 | 000,327,704 | ---- | M] (ESET) -- C:\EOlmarikTdl4Cleaner.exe
[2012/10/25 13:22:33 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/10/24 15:56:00 | 000,000,934 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-263560638-87465442-3990609200-1145Core.job
[2012/10/11 07:58:33 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\mtaylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/10 17:03:55 | 000,001,393 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/10 10:01:05 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\mtaylor\Desktop\Paint.NET.lnk
[2012/10/10 10:00:38 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\mtaylor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/09 09:54:13 | 000,000,061 | ---- | M] () -- C:\WINDOWS\ccolwiz.ini
[2012/10/05 10:54:00 | 000,000,119 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/05 10:51:45 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bluebeam Revu.lnk
[2012/10/03 06:26:59 | 000,228,000 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/01 14:22:46 | 001,744,395 | -H-- | M] () -- C:\Binder1.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\mtaylor\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\mtaylor\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/26 09:09:23 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\mtaylor\Desktop\Spybot - Search & Destroy.lnk
[2012/10/25 14:04:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/18 07:11:16 | 000,000,830 | -H-- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/10 10:01:05 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\mtaylor\Desktop\Paint.NET.lnk
[2012/10/05 10:54:00 | 000,000,119 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/05 10:51:45 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bluebeam Revu.lnk
[2012/10/01 14:22:45 | 001,744,395 | -H-- | C] () -- C:\Binder1.pdf
[2012/07/26 16:27:45 | 000,682,358 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-263560638-87465442-3990609200-1145-0.dat
[2012/07/26 16:27:44 | 000,238,174 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/02 13:55:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\hppapr01.dll
[2012/07/02 13:55:37 | 000,000,508 | -H-- | C] () -- C:\WINDOWS\System32\hppapr01.dat
[2012/06/28 10:05:30 | 000,678,912 | R--- | C] () -- C:\WINDOWS\System32\Bluebeam Javascript Library.dll
[2012/06/28 10:04:46 | 000,246,272 | R--- | C] () -- C:\WINDOWS\System32\Bluebeam JPX Library.dll
[2012/06/28 10:04:42 | 012,828,672 | R--- | C] () -- C:\WINDOWS\System32\BGP905A.dll
[2012/05/31 09:13:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2012/05/29 15:50:51 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\mtaylor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/29 14:33:10 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2012/05/29 09:55:36 | 000,000,199 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2012/05/29 08:52:11 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2012/05/29 08:48:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/05/29 08:11:48 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2012/05/29 08:06:24 | 000,009,180 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/05/29 08:02:57 | 000,000,664 | RHS- | C] () -- C:\Documents and Settings\mtaylor\ntuser.pol
[2012/05/25 23:35:29 | 001,075,544 | -H-- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/05/25 23:35:29 | 001,075,544 | -H-- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/05/25 23:35:29 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/05/25 23:35:21 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/05/25 12:53:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/24 21:17:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/05/24 21:14:15 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/05/24 14:24:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/05/24 14:24:04 | 000,228,000 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/05/29 08:29:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/02/28 14:50:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/26 14:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/07/26 14:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk Navisworks Freedom 2012
[2012/10/05 10:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
[2012/05/29 08:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloudmark
[2012/10/25 14:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/07/26 14:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Navisworks 2012
[2012/05/29 10:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2012/05/29 10:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/06/20 12:44:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\mtaylor\Application Data\8C4AD6D7
[2012/07/26 14:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\Autodesk
[2012/07/26 14:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\Autodesk Navisworks Freedom 2012
[2012/10/05 10:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\Bluebeam Software
[2012/05/29 08:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\Cloudmark
[2012/07/30 16:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\FileZilla
[2012/08/28 14:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\Informatik Inc
[2012/05/31 10:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\Leadertech
[2012/05/29 09:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\OpenOffice.org
[2012/05/29 10:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\PDF Writer
[2012/08/29 16:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\PDFComplete

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to XSTEEL DWGS.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to STRUCTURALJOBS.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to steeldetaildocs.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to PCAWAY.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to CNC.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\mtaylor\Desktop\NOTES.txt:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\mtaylor\Desktop\!!BIDS.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to MILL ORDERS.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to Dwgs.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to DRILL.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\mtaylor\Desktop\Scanners and Cameras.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\mtaylor\Desktop\internet.exe.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\mtaylor\Desktop\Internet Explorer (No Add-ons).lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\mtaylor\Desktop\galv-holes.xls.lnk:KAVICHS

< End of report >

Attached Files

  • Attached File  OTL.Txt   64.06KB   34 downloads

  • 0

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, this may be a quick fix.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

THEN

  • Run OTL with the following custom script; there will only be one log this time.
  • Select All Users.
  • Under the Custom Scan box paste this in:

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

  • 0
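Reading an OTL log by hand comes down to scanning the O4 (Run key) entries for anything that is unsigned, lives in a user-writable profile folder, or points at a file that no longer exists, such as the rundll32 entry for loaufevme.dll in the log above, whose target OTL reports as File not found. The Python script below is an added example written for this page; it is not part of the thread and not OTL's or ESET's code. It applies those three heuristics to O4 lines copied from the log above. The line format it parses is the one visible in that log; the flag names and their weights are assumptions made for the example, not anything OTL defines.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: O4 (Run-key) lines copied from the OTL log posted
# above, so the unnamed entry and the loaufevme.dll loader are the real ones.
SAMPLE_O4 = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKCU..\Run: [Apple Computer] rundll32.exe "C:\Documents and Settings\mtaylor\Local Settings\Application Data\ESET\Apple Computer\loaufevme.dll",DllRegisterServerW File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
"""

# OTL prints one autorun per line:  O4 - <hive>..\<key>: [<value name>] <command> (<company>)
# and appends "File not found" instead of a company when the file is absent from disk.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
COMPANY_RE = re.compile(r"^(?P<target>.*?) \((?P<company>[^()]*)\)$")
LOADER_RE = re.compile(r"\b(rundll32|regsvr32)\b", re.IGNORECASE)
MISSING = "File not found"

# Folders an ordinary user can write to; an autorun living there deserves a look.
PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                   "\\local settings\\", "\\temp\\", "%appdata%", "%temp%")

# Flag weights are an assumption made for this example, not an OTL convention.
WEIGHTS = {"missing-target": 2, "empty-name": 1, "loader-from-profile": 3,
           "profile-path": 2, "no-company": 1}


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    target: str
    company: Optional[str]          # None when OTL reported "File not found"
    flags: list[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(WEIGHTS[f] for f in self.flags)


def parse_o4(line: str) -> Optional[Finding]:
    """Parse one O4 line; returns None for lines that are not O4 entries."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith(MISSING)
    if missing:
        target, company = rest[: -len(MISSING)].rstrip(), None
    else:
        c = COMPANY_RE.match(rest)
        target, company = (c.group("target"), c.group("company")) if c else (rest, None)
    f = Finding(m.group("hive"), m.group("key"), m.group("name"), target, company)
    in_profile = any(marker in target.lower() for marker in PROFILE_MARKERS)
    if missing:
        f.flags.append("missing-target")       # orphaned autorun: leftover or removed payload
    if not f.name:
        f.flags.append("empty-name")           # a Run value with no name is unusual for installers
    if LOADER_RE.search(target) and in_profile:
        f.flags.append("loader-from-profile")  # rundll32/regsvr32 loading a DLL from the profile
    if in_profile:
        f.flags.append("profile-path")
    if company == "":
        f.flags.append("no-company")           # file exists but carries no company resource
    return f


def triage_o4(text: str) -> list[Finding]:
    """Parse every O4 line in an OTL log and attach triage flags."""
    return [f for f in (parse_o4(line) for line in text.splitlines()) if f is not None]


def ranked(text: str) -> list[Finding]:
    """Only the flagged entries, most suspicious first."""
    return sorted((f for f in triage_o4(text) if f.flags), key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in ranked(SAMPLE_O4):
        print(f"{f.score:2d}  {f.hive}\\{f.key} [{f.name}]  {f.target or '<no target>'}")
        print(f"    flags: {', '.join(f.flags)}")
```

Run as a file it prints the entries worth a second look, most suspicious first; on the sample the loaufevme.dll loader ranks highest because it combines all three signals. A missing target does not on its own prove an infection (an uninstaller can leave the same residue), which is why the script ranks rather than verdicts. The custom OTL scan in the post above complements this by hashing the core system binaries between /md5start and /md5stop so the helper can compare them against known-good copies.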

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else, please begin a New Topic.
  • 0
